{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-10976","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2025-09-25T14:20:47.528Z","datePublished":"2025-09-25T22:02:08.243Z","dateUpdated":"2025-09-26T17:52:54.563Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2025-09-25T22:02:08.243Z"},"title":"JeecgBoot getDepartUserList improper authorization","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-285","lang":"en","description":"Improper Authorization"}]},{"descriptions":[{"type":"CWE","cweId":"CWE-266","lang":"en","description":"Incorrect Privilege Assignment"}]}],"affected":[{"vendor":"n/a","product":"JeecgBoot","versions":[{"version":"3.8.0","status":"affected"},{"version":"3.8.1","status":"affected"},{"version":"3.8.2","status":"affected"}]}],"descriptions":[{"lang":"en","value":"A vulnerability was determined in JeecgBoot up to 3.8.2. This issue affects some unknown processing of the file /api/getDepartUserList. Executing manipulation of the argument departId can lead to improper authorization. The attack can be executed remotely. This attack is characterized by high complexity. The exploitability is assessed as difficult. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way."},{"lang":"de","value":"In JeecgBoot up to 3.8.2 ist eine Schwachstelle entdeckt worden. Es geht hierbei um eine nicht näher spezifizierte Funktion der Datei /api/getDepartUserList. Die Manipulation des Arguments departId führt zu improper authorization. Der Angriff kann über das Netzwerk erfolgen. Ein Angriff erfordert eine vergleichsweise hohe Komplexität. Die Ausnutzbarkeit gilt als schwierig. Die Schwachstelle wurde öffentlich offengelegt und könnte ausgenutzt werden."}],"metrics":[{"cvssV4_0":{"version":"4.0","baseScore":2.3,"vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P","baseSeverity":"LOW"}},{"cvssV3_1":{"version":"3.1","baseScore":3.1,"vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R","baseSeverity":"LOW"}},{"cvssV3_0":{"version":"3.0","baseScore":3.1,"vectorString":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R","baseSeverity":"LOW"}},{"cvssV2_0":{"version":"2.0","baseScore":2.1,"vectorString":"AV:N/AC:H/Au:S/C:P/I:N/A:N/E:POC/RL:ND/RC:UR"}}],"timeline":[{"time":"2025-09-25T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2025-09-25T02:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2025-09-25T16:26:13.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"lucasg2g (VulDB User)","type":"reporter"}],"references":[{"url":"https://vuldb.com/?id.325847","name":"VDB-325847 | JeecgBoot getDepartUserList improper authorization","tags":["vdb-entry","technical-description"]},{"url":"https://vuldb.com/?ctiid.325847","name":"VDB-325847 | CTI Indicators (IOB, IOC, TTP, IOA)","tags":["signature","permissions-required"]},{"url":"https://vuldb.com/?submit.653333","name":"Submit #653333 | jeecgboot 3.8.2 broken function level authorization","tags":["third-party-advisory"]},{"url":"https://www.cnblogs.com/aibot/p/19063349","tags":["exploit"]}]},"adp":[{"references":[{"url":"https://www.cnblogs.com/aibot/p/19063349","tags":["exploit"]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-09-26T17:36:29.032067Z","id":"CVE-2025-10976","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-09-26T17:52:54.563Z"}}]}}